44 lines
1.3 KiB
Python
Executable file
44 lines
1.3 KiB
Python
Executable file
#!/usr/bin/env python
|
|
# -*- coding: iso-8859-15 -*-
|
|
|
|
# Compteur des règles iptables
|
|
|
|
import sys,commands,string
|
|
|
|
# On prend l'argument pour définir la table à analyser
|
|
TABLE = sys.argv[0].split('_')[1]
|
|
|
|
if TABLE :
|
|
IPTABLES = "iptables -t %s -L " % TABLE
|
|
else :
|
|
IPTABLES = "iptables -L "
|
|
|
|
try :
|
|
arg = sys.argv[1]
|
|
except :
|
|
arg = ''
|
|
|
|
CHAINS = commands.getoutput('%s | grep Chain | awk \'{print $2}\'' % IPTABLES).split('\n')
|
|
|
|
if arg == "config" :
|
|
print 'graph_title Firewall %s' % string.lower(TABLE)
|
|
print 'graph_args --base 1000 --lower-limit 0'
|
|
print 'graph_category network'
|
|
print "graph_vlabel nb de regles"
|
|
for chain in CHAINS :
|
|
nom = string.lower(chain.replace('_', '').replace('-', ''))
|
|
label = chain.replace('_', '-')
|
|
print "%s.label %s" % (nom, label)
|
|
if CHAINS.index(chain) == 0 :
|
|
print "%s.draw AREA" % nom
|
|
else :
|
|
print "%s.draw STACK" % nom
|
|
if label == "TEST-MAC-IP" :
|
|
print "%s.warning 100:" % nom
|
|
print "%s.critical 1:" % nom
|
|
|
|
else :
|
|
for chain in CHAINS :
|
|
nom = string.lower(chain.replace('_', '').replace('-', ''))
|
|
value = int(commands.getoutput('%s %s | wc -l' % (IPTABLES, chain))) - 2
|
|
print "%s.value %d" % (nom, value)
|